FB pixel

What is China’s new data privacy law hoping to achieve?

Categories Biometrics News
What is China’s new data privacy law hoping to achieve?

The first of November marked the beginning of an apparent regulatory crackdown on data privacy violations in China, as the country’s first comprehensive privacy law (the Personal Information Protection Law) came into effect, leading to a surging demand for data protection specialists and seeing major corporations departing.

The new law, which has been compared to Europe’s GDPR by non-for-profit international privacy community IAPP (International Association of Privacy Professionals), will not only see an increase in data security, sovereignty and personal information rights, but will reshape how companies in China do business, the organization writes.

“When you look at PIPL, it is really focusing on protecting individuals, society, and national security—because of the unique Chinese political system,” says Alexa Lee, a senior manager of policy at the Information Technology Industry Council and an associate editor of Stanford University’s DigiChina project, which has been translating the PIPL into English.

The law aims to enhance cybersecurity along with complementing the country’s national security interests; therefore, companies wanting to share data outside of China must also now go through a national security review. This also goes for companies holding data on more than a million people (to send abroad), likewise for any reasonable-sized company operating in and out of China.

“If European data protection laws are grounded in fundamental rights and U.S. privacy laws are grounded in consumer protection, Chinese privacy law is closely aligned with, and I would even say grounded in, national security,” says Omer Tene, a partner specializing in data, privacy, and cybersecurity at law firm Goodwin. Reviews may​​ include laying out why data is being transferred out of China, the types of information being sent, and the risks of doing so.

Employing a data protection officer for companies is mandatory, and if PIPL laws are breached, applicable fines can be up to $7.8 million or 5 percent of a firm’s annual revenue—roughly equivalent to GDPR’s $23 million and 4 percent thresholds.

This said, government access of citizens’ personal data will not be affected by PIPL. Chinese citizens will remain under some form of surveillance, says Wired. Government use of digital surveillance is a “take it or take it” proposition. There is no significant government consideration about how citizens feel about the blanket biometric surveillance throughout the nation. Last month however saw reports that China has approved its first AI industry ethics guidelines, which if grounded in the law could surpass the West in establishing governance rules.

Wired highlights PIPL’s potential for influence on neighboring countries which are still developing their own data protection policies, DigiChina’s Lee is concerned that other Asian countries may follow suit using data localization measures, which are already being seen in draft laws in India and Vietnam.

While IAPP compares the key types of personal information rights under the GDPR and the PIPL such as the right to erasure, right to data portability and right not to be subject to automated decision making, it remains uncertain how such rights under PIPL might be interpreted in practice and what effects PIPL will have on Chinese citizens.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News


Biometrics developers dance with data privacy regulations continues

Biometrics controversy and investments are often found side by side, as seen in many of this week’s top stories on…


EU AI Act should revise its risk-based approach: Report

Another voice has joined the chorus criticizing the European Union’s Artificial Intelligence Act, this time arguing that important provisions of…


Swiss e-ID resists rushing trust infrastructure

Switzerland is debating on how to proceed with the technical implementation of its national digital identity as the 2026 deadline…


Former Jumio exec joins digital ID web 3.0 project

Move over Worldcoin, there’s a new kid on the block vying for the attention of the digital identity industry and…


DHS audit urges upgrade of biometric vetting for noncitizens and asylum seekers

A recent audit by the DHS Office of Inspector General (OIG) has called for the Department of Homeland Security (DHS)…


Researchers spotlight Russia’s opaque facial recognition surveillance system

In recent years, Russia has been attracting attention for its use of facial recognition surveillance to track down protestors, opposition…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events